Viruses and worms are related classes of malicious code; as a result they are
often confused. Both share the primary objective of replication. However,
they are distinctly different with respect to the techniques they use and their
host system requirements. This distinction is due to the disjoint sets of
host systems they attack. Viruses have been almost exclusively restricted to
personal computers, while worms have attacked only multi-user systems.

A careful examination of the histories of viruses and worms can highlight the
differences and similarities between these classes of malicious code. The
characteristics shown by these histories can be used to explain the differences
between the environments in which they are found. Viruses and worms have very
different functional requirements; currently no class of systems simultaneously
meets the needs of both.

A review of the development of personal computers and multi-tasking workstations
will show that the gap in functionality between these classes of systems is
narrowing rapidly. In the future, a single system may meet all of the
requirements necessary to support both worms and viruses.
This implies that worms and viruses may begin to appear in new classes
of systems. A knowledge of the histories of viruses and worms may make it
possible to predict how malicious code will cause problems in the future.

Basic Definitions

To provide a basis for further discussion, the following
definitions will be used throughout the report.

Trojan Horse - a program which performs a useful function, but also performs
an unexpected action as well.

Virus - a code segment which replicates by attaching copies to existing executables.

Worm - a program which replicates itself and causes execution of the new copy.

Network Worm - a worm which copies itself to another system by using common network facilities, and causes execution of the copy on that system.